IAS/ECC: add IAS/ECC card specific files ...
as it was announced in http://www.opensc-project.org/pipermail/opensc-devel/2011-January/015756.html git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5197 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
ce116f42b6
commit
57b7a81c3a
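--- /dev/null
+++ b/src/libopensc/iasecc-sdo.h
@@ -0,0 +1,309 @@
+/*
+* iasecc-sdo.h: Support for IAS/ECC smart cards
+*
+* Copyright (C) 2010 Viktor Tarasov <vtarasov@opentrust.com>
+* OpenTrust <www.opentrust.com>
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+#ifndef SC_IASECC_SDO_H
+#define SC_IASECC_SDO_H
+
+#include "types.h"
+
+#define IASECC_SDO_TAG_HEADER 0xBF
+
+#define IASECC_SDO_TEMPLATE_TAG 0x70
+
+#define IASECC_DOCP_TAG 0xA0
+#define IASECC_DOCP_TAG_NAME 0x84
+#define IASECC_DOCP_TAG_TRIES_MAXIMUM 0x9A
+#define IASECC_DOCP_TAG_TRIES_REMAINING 0x9B
+#define IASECC_DOCP_TAG_USAGE_MAXIMUM 0x9C
+#define IASECC_DOCP_TAG_USAGE_REMAINING 0x9D
+#define IASECC_DOCP_TAG_NON_REPUDATION 0x9E
+#define IASECC_DOCP_TAG_SIZE 0x80
+#define IASECC_DOCP_TAG_ACLS 0xA1
+#define IASECC_DOCP_TAG_ACLS_CONTACT 0x8C
+#define IASECC_DOCP_TAG_ACLS_CONTACTLESS 0x9C
+#define IASECC_DOCP_TAG_ISSUER_DATA_BER 0xA5
+#define IASECC_DOCP_TAG_ISSUER_DATA 0x85
+
+#define IASECC_ACLS_CHV_CHANGE 0
+#define IASECC_ACLS_CHV_VERIFY 1
+#define IASECC_ACLS_CHV_RESET 2
+#define IASECC_ACLS_CHV_PUT_DATA 5
+#define IASECC_ACLS_CHV_GET_DATA 6
+
+#define IASECC_ACLS_RSAKEY_PSO_SIGN 0
+#define IASECC_ACLS_RSAKEY_INTERNAL_AUTH 1
+#define IASECC_ACLS_RSAKEY_PSO_DECIPHER 2
+#define IASECC_ACLS_RSAKEY_GENERATE 3
+#define IASECC_ACLS_RSAKEY_PUT_DATA 5
+#define IASECC_ACLS_RSAKEY_GET_DATA 6
+
+#define IASECC_SDO_CHV_TAG 0x7F41
+#define IASECC_SDO_CHV_TAG_SIZE_MAX 0x80
+#define IASECC_SDO_CHV_TAG_SIZE_MIN 0x81
+#define IASECC_SDO_CHV_TAG_VALUE 0x82
+
+#define IASECC_SDO_PRVKEY_TAG 0x7F48
+#define IASECC_SDO_PRVKEY_TAG_P 0x92
+#define IASECC_SDO_PRVKEY_TAG_Q 0x93
+#define IASECC_SDO_PRVKEY_TAG_IQMP 0x94
+#define IASECC_SDO_PRVKEY_TAG_DMP1 0x95
+#define IASECC_SDO_PRVKEY_TAG_DMQ1 0x96
+#define IASECC_SDO_PRVKEY_TAG_COMPULSORY 0x80
+
+#define IASECC_SDO_PUBKEY_TAG 0x7F49
+#define IASECC_SDO_PUBKEY_TAG_N 0x81
+#define IASECC_SDO_PUBKEY_TAG_E 0x82
+#define IASECC_SDO_PUBKEY_TAG_COMPULSORY 0x80
+#define IASECC_SDO_PUBKEY_TAG_CHR 0x5F20
+#define IASECC_SDO_PUBKEY_TAG_CHA 0x5F4C
+
+#define IASECC_SDO_KEYSET_TAG 0xA2
+#define IASECC_SDO_KEYSET_TAG_MAC 0x90
+#define IASECC_SDO_KEYSET_TAG_ENC 0x91
+#define IASECC_SDO_KEYSET_TAG_COMPULSORY 0x80
+
+#define IASECC_SCB_METHOD_NEED_ALL 0x80
+#define IASECC_SCB_METHOD_MASK 0x70
+#define IASECC_SCB_METHOD_MASK_REF 0x0F
+#define IASECC_SCB_METHOD_SM 0x40
+#define IASECC_SCB_METHOD_EXT_AUTH 0x20
+#define IASECC_SCB_METHOD_USER_AUTH 0x10
+
+#define IASECC_SCB_NEVER 0xFF
+#define IASECC_SCB_ALWAYS 0x00
+
+#define IASECC_SDO_CLASS_CHV 0x01
+#define IASECC_SDO_CLASS_KEYSET 0x0A
+#define IASECC_SDO_CLASS_RSA_PRIVATE 0x10
+#define IASECC_SDO_CLASS_RSA_PUBLIC 0x20
+#define IASECC_SDO_CLASS_SE 0x7B
+
+#define IASECC_CRT_TAG_AT 0xA4
+#define IASECC_CRT_TAG_CT 0xB8
+#define IASECC_CRT_TAG_CCT 0xB4
+#define IASECC_CRT_TAG_DST 0xB6
+#define IASECC_CRT_TAG_HT 0xAA
+#define IASECC_CRT_TAG_KAT 0xA6
+
+#define IASECC_CRT_TAG_USAGE 0x95
+#define IASECC_CRT_TAG_REFERENCE 0x83
+#define IASECC_CRT_TAG_ALGO 0x80
+
+#define IASECC_ALGORITHM_SYMMETRIC 0x0C
+#define IASECC_ALGORITHM_DH 0x0B
+#define IASECC_ALGORITHM_RSA_PKCS 0x02
+#define IASECC_ALGORITHM_RSA_9796_2 0x01
+#define IASECC_ALGORITHM_RSA_PKCS_DECRYPT 0x0A
+#define IASECC_ALGORITHM_SHA1 0x10
+#define IASECC_ALGORITHM_SHA2 0x40
+
+#define IASECC_ALGORITHM_ROLE_AUTH 0x1C
+#define IASECC_ALGORITHM_SYMMETRIC_SHA1 0x0C
+#define IASECC_ALGORITHM_SYMMETRIC_SHA256 0x8C
+
+#define IASECC_UQB_AT_MUTUAL_AUTHENTICATION 0xC0
+#define IASECC_UQB_AT_EXTERNAL_AUTHENTICATION 0x80
+#define IASECC_UQB_AT_AUTHENTICATION 0x40
+#define IASECC_UQB_AT_USER_PASSWORD 0x08
+#define IASECC_UQB_AT_USER_BIOMETRIC 0x04
+
+#define IASECC_UQB_DST_VERIFICATION 0x80
+#define IASECC_UQB_DST_COMPUTATION 0x40
+
+#define IASECC_UQB_CT_ENCIPHERMENT 0x80
+#define IASECC_UQB_CT_DECIPHERMENT 0x40
+#define IASECC_UQB_CT_SM_RESPONSE 0x20
+#define IASECC_UQB_CT_SM_COMMAND 0x10
+
+#define IASECC_UQB_CCT_VERIFICATION 0x80
+#define IASECC_UQB_CCT_COMPUTATION 0x40
+#define IASECC_UQB_CCT_SM_RESPONSE 0x20
+#define IASECC_UQB_CCT_SM_COMMAND 0x10
+
+#define IASECC_UQB_KAT 0x80
+
+#define IASECC_ACL_GET_DATA 0x01
+#define IASECC_ACL_PUT_DATA 0x02
+#define IASECC_ACL_GENERATE_KEY 0x08
+#define IASECC_ACL_PSO_DECIPHER 0x10
+#define IASECC_ACL_INTERNAL_AUTHENTICATE 0x20
+#define IASECC_ACL_PSO_SIGNATURE 0x40
+
+#define IASECC_SDO_TAGS_UPDATE_MAX 16
+
+#define IASECC_SE_CRTS_MAX 24
+
+#define _MAKE_IASECC_SDO_MAGIC(a, b, c, d) (((a) << 24) | ((b) << 16) | ((c) << 8) | ((d)))
+
+#define IASECC_SDO_MAGIC _MAKE_IASECC_SDO_MAGIC('E', 'C', 'S', 'D')
+#define IASECC_SDO_MAGIC_UPDATE _MAKE_IASECC_SDO_MAGIC('E', 'C', 'U', 'D')
+#define IASECC_SDO_MAGIC_UPDATE_RSA _MAKE_IASECC_SDO_MAGIC('E', 'C', 'U', 'R')
+
+#define IASECC_MAX_SCBS 7
+#define IASECC_MAX_CRTS_IN_SE 24
+
+struct iasecc_extended_tlv {
+unsigned tag;
+unsigned parent_tag;
+
+unsigned char *value;
+size_t size;
+
+unsigned on_card;
+};
+
+struct iasecc_sdo_docp {
+struct iasecc_extended_tlv name;
+struct iasecc_extended_tlv tries_maximum;
+struct iasecc_extended_tlv tries_remaining;
+struct iasecc_extended_tlv usage_maximum;
+struct iasecc_extended_tlv usage_remaining;
+struct iasecc_extended_tlv non_repudiation;
+struct iasecc_extended_tlv size;
+struct iasecc_extended_tlv acls_contact;
+struct iasecc_extended_tlv acls_contactless;
+struct iasecc_extended_tlv issuer_data;
+
+unsigned char amb, scbs[IASECC_MAX_SCBS];
+};
+
+struct iasecc_sdo_chv {
+struct iasecc_extended_tlv size_max;
+struct iasecc_extended_tlv size_min;
+struct iasecc_extended_tlv value;
+};
+
+struct iasecc_sdo_prvkey {
+struct iasecc_extended_tlv p;
+struct iasecc_extended_tlv q;
+struct iasecc_extended_tlv iqmp;
+struct iasecc_extended_tlv dmp1;
+struct iasecc_extended_tlv dmq1;
+struct iasecc_extended_tlv compulsory;
+};
+
+struct iasecc_sdo_pubkey {
+struct iasecc_extended_tlv n;
+struct iasecc_extended_tlv e;
+struct iasecc_extended_tlv compulsory;
+struct iasecc_extended_tlv chr;
+struct iasecc_extended_tlv cha;
+};
+
+struct iasecc_sdo_keyset {
+struct iasecc_extended_tlv mac;
+struct iasecc_extended_tlv enc;
+struct iasecc_extended_tlv compulsory;
+};
+
+struct iasecc_sdo {
+unsigned char sdo_class;
+unsigned char sdo_ref;
+
+unsigned int usage;
+
+struct iasecc_sdo_docp docp;
+
+union {
+struct iasecc_sdo_chv chv;
+struct iasecc_sdo_prvkey prv_key;
+struct iasecc_sdo_pubkey pub_key;
+struct iasecc_sdo_keyset keyset;
+} data;
+
+unsigned not_on_card;
+unsigned magic;
+};
+
+struct iasecc_sdo_update {
+unsigned char sdo_class;
+unsigned char sdo_ref;
+
+struct iasecc_extended_tlv fields[IASECC_SDO_TAGS_UPDATE_MAX];
+
+unsigned char acl_method, acl_ref;
+
+unsigned magic;
+};
+
+struct iasecc_sdo_rsa_update {
+struct iasecc_sdo *sdo_prv_key;
+struct iasecc_sdo *sdo_pub_key;
+struct sc_pkcs15_prkey_rsa *p15_rsa;
+
+struct iasecc_sdo_update update_prv;
+struct iasecc_sdo_update update_pub;
+
+unsigned magic;
+};
+
+struct iasecc_se_info {
+struct iasecc_sdo_docp docp;
+int reference;
+
+struct sc_crt crts[SC_MAX_CRTS_IN_SE];
+
+struct sc_file *df;
+struct iasecc_se_info *next;
+
+unsigned magic;
+};
+
+struct iasecc_sm_card_answer {
+unsigned char data[SC_MAX_APDU_BUFFER_SIZE];
+size_t data_len;
+
+unsigned sw;
+
+unsigned char mac[8];
+unsigned char ticket[14];
+};
+
+struct iasecc_ctl_get_free_reference {
+size_t key_size;
+unsigned usage;
+unsigned access;
+int index;
+};
+
+enum IASECC_KEY_TYPE {
+IASECC_SDO_CLASS_RSA_PRV = 0x10,
+IASECC_SDO_CLASS_RSA_PUB = 0x20
+};
+
+struct sc_card;
+int iasecc_sdo_convert_acl(struct sc_card *card, struct iasecc_sdo *, unsigned char, unsigned *, unsigned *);
+void iasecc_sdo_free_fields(struct sc_card *card, struct iasecc_sdo *);
+void iasecc_sdo_free(struct sc_card *, struct iasecc_sdo *);
+int iasecc_se_parse(struct sc_card *, unsigned char *, size_t, struct iasecc_se_info *);
+int iasecc_sdo_parse(struct sc_card *, unsigned char *, size_t, struct iasecc_sdo *);
+int iasecc_sdo_allocate_and_parse(struct sc_card *, unsigned char *, size_t, struct iasecc_sdo **);
+int iasecc_encode_size(size_t, unsigned char *);
+int iasecc_encode_docp(struct sc_card *, struct iasecc_sdo_docp *, unsigned char **, size_t *);
+int iasecc_sdo_encode_update_field(struct sc_context *, unsigned char, unsigned char,
+struct iasecc_extended_tlv *, unsigned char **);
+int iasecc_se_get_crt(struct sc_card *, struct iasecc_se_info *, struct sc_crt *);
+int iasecc_se_get_crt_by_usage(struct sc_card *, struct iasecc_se_info *,
+unsigned char, unsigned char, struct sc_crt *);
+int iasecc_sdo_encode_rsa_update(struct sc_context *, struct iasecc_sdo *, struct sc_pkcs15_prkey_rsa *, struct iasecc_sdo_update *);
+int iasecc_sdo_parse_card_answer(struct sc_context *ctx, unsigned char *data, size_t data_len, struct iasecc_sm_card_answer *out);
+int iasecc_docp_copy(struct sc_context *ctx, struct iasecc_sdo_docp *in, struct iasecc_sdo_docp *out);
+#endif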
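Review bot: Only `struct sc_card;` is forward-declared before the prototypes, yet they also name `struct sc_context *`, `struct sc_crt *`, `struct sc_file *` and `struct sc_pkcs15_prkey_rsa *`, and `struct sc_context` first appears inside the parameter list of `iasecc_sdo_encode_update_field`; unless `types.h` already declares it, that tag gets prototype scope and the usual "declared inside parameter list" warning, so add `struct sc_context;` (and whichever of the others `types.h` does not provide) next to `struct sc_card;`. The functions that consume card responses — `iasecc_se_parse`, `iasecc_sdo_parse`, `iasecc_sdo_allocate_and_parse` and `iasecc_sdo_parse_card_answer` — take a non-const `unsigned char *` and the header says nothing about the length argument, while `struct iasecc_sm_card_answer` holds fixed `data[SC_MAX_APDU_BUFFER_SIZE]`, `mac[8]` and `ticket[14]` members; a contract comment such as `/* data_len bounds every read from data; TLV lengths taken from the card must be checked against the fixed-size members of *out before copying */` would pin down what the .c side has to guarantee. `_MAKE_IASECC_SDO_MAGIC` starts with an underscore followed by an uppercase letter, a form reserved for the implementation, and `IASECC_MAKE_SDO_MAGIC` would do the same job. The header also defines both `IASECC_SE_CRTS_MAX` and `IASECC_MAX_CRTS_IN_SE` as 24 but sizes `crts` in `struct iasecc_se_info` with the external `SC_MAX_CRTS_IN_SE`, so a mismatch between the three constants would go unnoticed; sizing the array with the one name the .c code indexes by would remove that ambiguity.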
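--- /dev/null
+++ b/src/libopensc/iasecc.h
@@ -0,0 +1,140 @@
+/*
+* iasecc.h Support for IAS/ECC smart cards
+*
+* Copyright (C) 2010 Viktor Tarasov <vtarasov@opentrust.com>
+* OpenTrust <www.opentrust.com>
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+#ifndef _OPENSC_IASECC_H
+#define _OPENSC_IASECC_H
+
+#include "errors.h"
+#include "types.h"
+#include "iasecc-sdo.h"
+
+#define ISO7812_PAN_SN_TAG 0x5A
+#define ISO7812_PAN_LENGTH 0x0C
+
+#ifndef SHA256_DIGEST_LENGTH
+#define SHA_DIGEST_LENGTH 20
+#define SHA256_DIGEST_LENGTH 32
+#endif
+
+#ifndef CKM_RSA_PKCS
+#define CKM_RSA_PKCS 0x00000001
+#define CKM_SHA1_RSA_PKCS 0x00000006
+#define CKM_SHA256_RSA_PKCS 0x00000040
+#define CKM_SHA_1 0x00000220
+#define CKM_SHA256 0x00000250
+#endif
+
+#define IASECC_TITLE "IASECC"
+
+#define IASECC_FCP_TAG 0x62
+#define IASECC_FCP_TAG_SIZE 0x80
+#define IASECC_FCP_TAG_TYPE 0x82
+#define IASECC_FCP_TAG_FID 0x83
+#define IASECC_FCP_TAG_NAME 0x84
+#define IASECC_FCP_TAG_SFID 0x88
+#define IASECC_FCP_TAG_ACLS 0xA1
+#define IASECC_FCP_TAG_ACLS_CONTACT 0x8C
+
+#define IASECC_FCP_TYPE_EF 0x01
+#define IASECC_FCP_TYPE_DF 0x38
+
+#define IASECC_OBJECT_REF_LOCAL 0x80
+#define IASECC_OBJECT_REF_GLOBAL 0x00
+
+#define IASECC_OBJECT_REF_MIN 0x01
+#define IASECC_OBJECT_REF_MAX 0x1F
+
+#define IASECC_SE_REF_MIN 0x01
+#define IASECC_SE_REF_MAX 0x0F
+
+/* IAS/ECC interindustry data tags */
+#define IASECC_ATR_TAG_IO_BUFFER_SIZES 0xE0
+
+#define IASECC_SFI_EF_DIR 0x1E
+#define IASECC_SFI_EF_ATR 0x1D
+#define IASECC_SFI_EF_SN 0x1C
+#define IASECC_SFI_EF_DH 0x1B
+
+#define IASECC_READ_BINARY_LENGTH_MAX 0xE7
+
+#define IASECC_PSO_HASH_TAG_PARTIAL 0x90
+#define IASECC_PSO_HASH_TAG_REMAINING 0x80
+
+#define IASECC_CARD_ANSWER_TAG_DATA 0x87
+#define IASECC_CARD_ANSWER_TAG_SW 0x99
+#define IASECC_CARD_ANSWER_TAG_MAC 0x8E
+
+#define IASECC_SM_DO_TAG_TLE 0x97
+#define IASECC_SM_DO_TAG_TSW 0x99
+#define IASECC_SM_DO_TAG_TCC 0x8E
+#define IASECC_SM_DO_TAG_TCG_ODD_INS 0x85
+#define IASECC_SM_DO_TAG_TCG_EVEN_INS 0x87
+#define IASECC_SM_DO_TAG_TCG 0x87
+#define IASECC_SM_DO_TAG_TBR 0x85
+
+struct sc_security_env;
+
+typedef struct iasecc_qsign_data {
+int hash_algo;
+
+unsigned char hash[SHA256_DIGEST_LENGTH];
+size_t hash_size;
+
+unsigned char pre_hash[SHA256_DIGEST_LENGTH];
+size_t pre_hash_size;
+
+unsigned char counter[8];
+
+unsigned char last_block[64];
+size_t last_block_size;
+} iasecc_qsign_data_t;
+
+
+struct iasecc_version {
+unsigned char ic_manufacturer;
+unsigned char ic_type;
+unsigned char os_version;
+unsigned char iasecc_version;
+};
+
+struct iasecc_io_buffer_sizes {
+size_t send;
+size_t send_sc;
+size_t recv;
+size_t recv_sc;
+};
+
+struct iasecc_private_data {
+struct iasecc_version version;
+struct iasecc_io_buffer_sizes max_sizes;
+
+struct sc_security_env security_env;
+size_t key_size;
+unsigned op_method, op_ref;
+
+struct iasecc_se_info *se_info;
+};
+
+
+int sm_iasecc_rsa_generate(struct sc_card *card, unsigned security_condition,
+struct iasecc_sdo *sdo);
+
+#endif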
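Review bot: `struct iasecc_private_data` embeds `struct sc_security_env security_env;` by value, but this header only forward-declares `struct sc_security_env;`, which suffices for a pointer and not for a member, so the header compiles only when the includer has already pulled in the header that defines the full type and the forward declaration hides that ordering requirement. Either include the defining header here or replace the forward declaration with `/* the full definition of struct sc_security_env must be in scope before this header is included */`. The `#ifndef CKM_RSA_PKCS` fallback guards five CKM_ values on one macro and spells them as bare `0x...` literals; if a PKCS#11 header that writes them differently (for example with a `UL` suffix) is included afterwards, the redefinitions are not token-identical and will warn or fail, so each value should carry its own guard or the block should state which header it is standing in for. The include guard `_OPENSC_IASECC_H` begins with an underscore followed by an uppercase letter, a form reserved for the implementation; `OPENSC_IASECC_H` avoids it.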
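--- /dev/null
+++ b/PROFILE_PATH_NOT_ON_PAGE
@@ -0,0 +1,187 @@
+#
+# PKCS15 r/w profile for Oberthur cards
+#
+cardinfo {
+label = "IAS";
+manufacturer = "IAS Gemalto";
+
+max-pin-length = 4;
+min-pin-length = 4;
+pin-encoding = ascii-numeric;
+pin-pad-char = 0xFF;
+}
+
+pkcs15 {
+# Put certificates into the CDF itself?
+direct-certificates = no;
+# Put the DF length into the ODF file?
+encode-df-length = no;
+# Have a lastUpdate field in the EF(TokenInfo)?
+do-last-update = yes;
+}
+
+option ecc {
+macros {
+odf-size = 96;
+aodf-size = 300;
+cdf-size = 3000;
+prkdf-size = 6700;
+pukdf-size = 2300;
+dodf-size = 3000;
+skdf-size = 3000;
+}
+}
+
+
+# Define reasonable limits for PINs and PUK
+# Note that we do not set a file path or reference
+# here; that is done dynamically.
+PIN user-pin {
+attempts = 5;
+max-length = 4;
+min-length = 4;
+flags = 0x10; # initialized
+reference = 1;
+}
+PIN so-pin {
+auth-id = FF;
+attempts = 5;
+max-length = 4;
+min-length = 4;
+flags = 0xB2;
+reference = 2
+}
+
+# Additional filesystem info.
+# This is added to the file system info specified in the
+# main profile.
+filesystem {
+DF MF {
+ACL = *=CHV4;
+path = 3F00;
+type = DF;
+
+# This is the DIR file
+EF DIR {
+type = EF;
+file-id = 2F00;
+size = 128;
+acl = *=NONE;
+}
+
+# Here comes the application DF
+
+DF PKCS15-AppDF {
+type = DF;
+aid = E8:28:BD:08:0F:D2:50:00:00:04:01:01;
+acl = *=NONE;
+size = 5000;
+
+EF PKCS15-ODF {
+file-id = 5031;
+size = 96;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+EF PKCS15-TokenInfo {
+file-id = 5032;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+}
+
+DF Adele-AppDF {
+type = DF;
+aid = D2:50:00:00:04:41:64:E8:6C:65:01:01;
+acl = *=NONE;
+size = 5000;
+
+EF PKCS15-AODF {
+file-id = 7001;
+size = 300;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+EF PKCS15-PrKDF {
+file-id = 7002;
+size = 6700;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+EF PKCS15-PuKDF {
+file-id = 7004;
+size = 2300;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+EF PKCS15-SKDF {
+file-id = 7003;
+size = 3000;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+EF PKCS15-CDF {
+file-id = 7005;
+size = 3000;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+EF PKCS15-DODF {
+file-id = 7006;
+size = 3000;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+template key-domain {
+# Private RSA keys
+BSO private-key {
+ACL = *=NEVER;
+ACL = SIGN=SCBx17, AUTHENTICATE=SCBx17, DECIPHER=SCBx17, GENERATE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+# Private DES keys
+BSO private-des {
+size = 24; # 192 bits
+# READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM
+}
+
+# Private data
+EF private-data {
+file-id = F000;
+size = 36;
+ACL = *=NONE;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=SCBx17;
+}
+
+# Certificate
+EF certificate {
+# for the profiles 'ADELE Admin. 1 & 2'
+# file-id: auth: A001; sign: A002; encr: A003;
+#
+file-id = B000;
+ACL = *=NEVER;
+ACL = UPDATE=SCBx17, READ=NONE, DELETE=NONE;
+}
+
+#Public Key
+BSO public-key {
+ACL = *=NEVER;
+ACL = AUTHENTICATE=SCBx17, GENERATE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+# Public DES keys
+BSO public-des {
+size = 24; # 192 bits
+ACL = *=NONE;
+}
+
+# Public data
+EF public-data {
+file-id = D000;
+ACL = *=NONE;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, DELETE=NONE;
+}
+}
+}
+}
+}
+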
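Review bot: The last assignment of the `PIN so-pin` block, `reference = 2`, lacks the `;` that every other assignment in the file carries, and the same line recurs in the next three profile sections; if the profile parser does not tolerate the missing terminator the SO PIN reference is not what the author intended, so it should read `reference = 2;`. The header `# PKCS15 r/w profile for Oberthur cards` contradicts `manufacturer = "IAS Gemalto";` a few lines below and looks carried over from another profile; it heads the next three sections too. `DF MF` is protected by `ACL = *=CHV4;` while this file only declares PINs with references 1 and 2, which is fine if the base profile supplies reference 4 but deserves a comment naming where that PIN is defined. The comment `# READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM` should read `# READ acl used instead of DECIPHER/ENCIPHER/CHECKSUM`, here and in the next two sections.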
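--- /dev/null
+++ b/PROFILE_PATH_NOT_ON_PAGE
@@ -0,0 +1,183 @@
+#
+# PKCS15 r/w profile for Oberthur cards
+#
+cardinfo {
+label = "IAS";
+manufacturer = "IAS Gemalto";
+
+max-pin-length = 4;
+min-pin-length = 4;
+pin-encoding = ascii-numeric;
+pin-pad-char = 0xFF;
+
+# Delete or not the public key when inconporating the
+# corresponding certificate.
+keep-public-key = yes; # yes/no
+}
+
+pkcs15 {
+# Put certificates into the CDF itself?
+direct-certificates = no;
+# Put the DF length into the ODF file?
+encode-df-length = no;
+# Have a lastUpdate field in the EF(TokenInfo)?
+do-last-update = yes;
+}
+
+option ecc {
+macros {
+odf-size = 96;
+aodf-size = 300;
+cdf-size = 3000;
+prkdf-size = 6700;
+pukdf-size = 2300;
+dodf-size = 3000;
+skdf-size = 3000;
+}
+}
+
+
+# Define reasonable limits for PINs and PUK
+# Note that we do not set a file path or reference
+# here; that is done dynamically.
+PIN user-pin {
+attempts = 5;
+max-length = 4;
+min-length = 4;
+flags = 0x10; # initialized
+reference = 1;
+}
+PIN so-pin {
+auth-id = FF;
+attempts = 5;
+max-length = 4;
+min-length = 4;
+flags = 0xB2;
+reference = 2
+}
+
+# Additional filesystem info.
+# This is added to the file system info specified in the
+# main profile.
+filesystem {
+DF MF {
+ACL = *=CHV4;
+path = 3F00;
+type = DF;
+
+# This is the DIR file
+EF DIR {
+type = EF;
+file-id = 2F00;
+size = 128;
+acl = *=NONE;
+}
+
+# Here comes the application DF
+
+DF PKCS15-AppDF {
+type = DF;
+aid = E8:28:BD:08:0F:D2:50:00:00:04:02:01;
+acl = *=NONE;
+size = 5000;
+
+EF PKCS15-ODF {
+file-id = 5031;
+size = 96;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+EF PKCS15-TokenInfo {
+file-id = 5032;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+EF PKCS15-AODF {
+file-id = 7001;
+size = 300;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+EF PKCS15-PrKDF {
+file-id = 7002;
+size = 6700;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+EF PKCS15-PuKDF {
+file-id = 7004;
+size = 2300;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+EF PKCS15-SKDF {
+file-id = 7003;
+size = 3000;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+EF PKCS15-CDF {
+file-id = 7005;
+size = 3000;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+EF PKCS15-DODF {
+file-id = 7006;
+size = 3000;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+template key-domain {
+# Private RSA keys
+BSO private-key {
+ACL = *=NEVER;
+ACL = SIGN=SCBx17, AUTHENTICATE=SCBx17, DECIPHER=SCBx17, GENERATE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+# Private DES keys
+BSO private-des {
+size = 24; # 192 bits
+# READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM
+}
+
+# Private data
+EF private-data {
+file-id = F000;
+size = 36;
+ACL = *=NONE;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=SCBx17;
+}
+
+# Certificate
+EF certificate {
+# for the profiles 'ADELE Admin. 1 & 2'
+# file-id: auth: A001; sign: A002; encr: A003;
+file-id = B000;
+ACL = *=NEVER;
+ACL = UPDATE=SCBx17, READ=NONE, DELETE=NONE;
+}
+
+#Public Key
+BSO public-key {
+ACL = *=NEVER;
+ACL = AUTHENTICATE=SCBx17, GENERATE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+# Public DES keys
+BSO public-des {
+size = 24; # 192 bits
+ACL = *=NONE;
+}
+
+# Public data
+EF public-data {
+file-id = D000;
+ACL = *=NONE;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, DELETE=NONE;
+}
+}
+}
+}
+}
+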
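Review bot: The comment above `keep-public-key = yes; # yes/no` misspells "incorporating" as `inconporating`; a clearer wording is `# Keep (yes) or delete (no) the public key object when the corresponding certificate is incorporated.`. Since this option decides what stays on the card after a certificate is imported, the comment would also benefit from stating what happens when the option is absent, once that default has been confirmed against the pkcs15init code that reads it.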
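--- /dev/null
+++ b/PROFILE_PATH_NOT_ON_PAGE
@@ -0,0 +1,178 @@
+#
+# PKCS15 r/w profile for Oberthur cards
+#
+cardinfo {
+label = "IAS";
+manufacturer = "IAS Gemalto";
+
+max-pin-length = 4;
+min-pin-length = 4;
+pin-encoding = ascii-numeric;
+pin-pad-char = 0xFF;
+}
+
+pkcs15 {
+# Put certificates into the CDF itself?
+direct-certificates = no;
+# Put the DF length into the ODF file?
+encode-df-length = no;
+# Have a lastUpdate field in the EF(TokenInfo)?
+do-last-update = yes;
+}
+
+option ecc {
+macros {
+odf-size = 96;
+aodf-size = 300;
+cdf-size = 3000;
+prkdf-size = 6700;
+pukdf-size = 2300;
+dodf-size = 3000;
+skdf-size = 3000;
+}
+}
+
+
+# Define reasonable limits for PINs and PUK
+# Note that we do not set a file path or reference
+# here; that is done dynamically.
+PIN user-pin {
+attempts = 5;
+max-length = 4;
+min-length = 4;
+flags = 0x10; # initialized
+reference = 1;
+}
+PIN so-pin {
+auth-id = FF;
+attempts = 5;
+max-length = 4;
+min-length = 4;
+flags = 0xB2;
+reference = 2
+}
+
+# Additional filesystem info.
+# This is added to the file system info specified in the
+# main profile.
+filesystem {
+DF MF {
+ACL = *=CHV4;
+path = 3F00;
+type = DF;
+
+# This is the DIR file
+EF DIR {
+type = EF;
+file-id = 2F00;
+size = 128;
+acl = *=NONE;
+}
+
+# Here comes the application DF
+DF PKCS15-AppDF {
+type = DF;
+aid = E8:28:BD:08:0F:D2:50:00:00:04:03:01;
+acl = *=NONE;
+size = 5000;
+
+EF PKCS15-ODF {
+file-id = 5031;
+size = 96;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+EF PKCS15-TokenInfo {
+file-id = 5032;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+EF PKCS15-AODF {
+file-id = 7001;
+size = 300;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+EF PKCS15-PrKDF {
+file-id = 7002;
+size = 6700;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+EF PKCS15-PuKDF {
+file-id = 7004;
+size = 2300;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+EF PKCS15-SKDF {
+file-id = 7003;
+size = 3000;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+EF PKCS15-CDF {
+file-id = 7005;
+size = 3000;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+EF PKCS15-DODF {
+file-id = 7006;
+size = 3000;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+template key-domain {
+# Private RSA keys
+BSO private-key {
+ACL = *=NEVER;
+ACL = SIGN=SCBx17, AUTHENTICATE=SCBx17, DECIPHER=SCBx17, GENERATE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+# Private DES keys
+BSO private-des {
+size = 24; # 192 bits
+# READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM
+}
+
+# Private data
+EF private-data {
+file-id = F000;
+size = 36;
+ACL = *=NONE;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=SCBx17;
+}
+
+# Certificate
+EF certificate {
+# for the profiles 'ADELE Admin. 1 & 2'
+# file-id: auth: A001; sign: A002; encr: A003;
+file-id = B000;
+ACL = *=NEVER;
+ACL = UPDATE=SCBx17, READ=NONE, DELETE=NONE;
+}
+
+#Public Key
+BSO public-key {
+ACL = *=NEVER;
+ACL = AUTHENTICATE=SCBx17, GENERATE=SCBx17, UPDATE=SCBx17, READ=NONE;
+}
+
+# Public DES keys
+BSO public-des {
+size = 24; # 192 bits
+ACL = *=NONE;
+}
+
+# Public data
+EF public-data {
+file-id = D000;
+ACL = *=NONE;
+ACL = WRITE=SCBx17, UPDATE=SCBx17, DELETE=NONE;
+}
+}
+}
+}
+}
+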
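--- /dev/null
+++ b/PROFILE_PATH_NOT_ON_PAGE
@@ -0,0 +1,113 @@
+#
+# PKCS15 r/w profile for Oberthur cards
+#
+cardinfo {
+label = "IAS";
+manufacturer = "IAS Gemalto";
+
+max-pin-length = 4;
+min-pin-length = 4;
+pin-encoding = ascii-numeric;
+pin-pad-char = 0xFF;
+}
+
+pkcs15 {
+# Put certificates into the CDF itself?
+direct-certificates = no;
+# Put the DF length into the ODF file?
+encode-df-length = no;
+# Have a lastUpdate field in the EF(TokenInfo)?
+do-last-update = yes;
+}
+
+option ecc {
+macros {
+odf-size = 96;
+aodf-size = 300;
+cdf-size = 3000;
+prkdf-size = 6700;
+pukdf-size = 2300;
+dodf-size = 3000;
+skdf-size = 3000;
+}
+}
+
+
+# Define reasonable limits for PINs and PUK
+# Note that we do not set a file path or reference
+# here; that is done dynamically.
+PIN user-pin {
+attempts = 5;
+max-length = 4;
+min-length = 4;
+flags = 0x10; # initialized
+reference = 1;
+}
+PIN so-pin {
+auth-id = FF;
+attempts = 5;
+max-length = 4;
+min-length = 4;
+flags = 0xB2;
+reference = 2
+}
+
+# CHV5 used for Oberthur's specifique access condition "PIN or SOPIN"
+# Any value for this pin can given, when the OpenSC tools are asking for.
+
+# Additional filesystem info.
+# This is added to the file system info specified in the
+# main profile.
+filesystem {
+DF MF {
+ACL = *=CHV4;
+path = 3F00;
+type = DF;
+
+# This is the DIR file
+EF DIR {
+type = EF;
+file-id = 2F00;
+size = 128;
+acl = *=NONE;
+}
+
+# Here comes the application DF
+DF CIA-Adele-AppDF {
+type = DF;
+exclusive-aid = E8:28:BD:08:0F:D2:50:00:00:04:01:01;
+profile-extention = "ias_adele_admin1";
+}
+
+DF AdeleAdmin2-AppDF {
+type = DF;
+exclusive-aid = E8:28:BD:08:0F:D2:50:00:00:04:02:01;
+profile-extention = "ias_adele_admin2";
+}
+
+DF AdeleCommon-AppDF {
+type = DF;
+exclusive-aid = E8:28:BD:08:0F:D2:50:00:00:04:03:01;
+profile-extention = "ias_adele_common";
+}
+
+DF ECCeID-AppDF {
+type = DF;
+exclusive-aid = E8:28:BD:08:0F:D2:50:45:43:43:2D:65:49:44;
+profile-extention = "iasecc_admin_eid";
+}
+
+DF ECCGeneric-AppDF {
+type = DF;
+exclusive-aid = E8:28:BD:08:0F:D2:50:47:65:6E:65:72:69:63;
+profile-extention = "iasecc_generic_pki";
+}
+
+DF ECCGenericOberthur-AppDF {
+type = DF;
+exclusive-aid = E8:28:BD:08:0F:F2:50:4F:54:20:41:57:50;
+profile-extention = "iasecc_generic_oberthur";
+}
+}
+}
+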
@ -0,0 +1,182 @@
|
|||
#
|
||||
# PKCS15 r/w profile for Oberthur cards
|
||||
#
|
||||
cardinfo {
|
||||
label = "ECC v1.0.1";
|
||||
manufacturer = "Gemalto";
|
||||
|
||||
max-pin-length = 4;
|
||||
min-pin-length = 4;
|
||||
pin-encoding = ascii-numeric;
|
||||
pin-pad-char = 0xFF;
|
||||
}
|
||||
|
||||
pkcs15 {
|
||||
# Put certificates into the CDF itself?
|
||||
direct-certificates = no;
|
||||
# Put the DF length into the ODF file?
|
||||
encode-df-length = no;
|
||||
# Have a lastUpdate field in the EF(TokenInfo)?
|
||||
do-last-update = yes;
|
||||
}
|
||||
|
||||
option ecc {
|
||||
macros {
|
||||
odf-size = 96;
|
||||
aodf-size = 300;
|
||||
cdf-size = 3000;
|
||||
prkdf-size = 6700;
|
||||
pukdf-size = 2300;
|
||||
dodf-size = 3000;
|
||||
skdf-size = 3000;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
# Define reasonable limits for PINs and PUK
|
||||
# Note that we do not set a file path or reference
|
||||
# here; that is done dynamically.
|
||||
PIN user-pin {
|
||||
attempts = 5;
|
||||
max-length = 4;
|
||||
min-length = 4;
|
||||
flags = 0x10; # initialized
|
||||
reference = 1;
|
||||
}
|
||||
PIN so-pin {
|
||||
auth-id = FF;
|
||||
attempts = 5;
|
||||
max-length = 4;
|
||||
min-length = 4;
|
||||
flags = 0xB2;
|
||||
reference = 2
|
||||
}
|
||||
|
||||
# CHV5 used for Oberthur's specifique access condition "PIN or SOPIN"
|
||||
# Any value for this pin can given, when the OpenSC tools are asking for.
|
||||
|
||||
# Additional filesystem info.
|
||||
# This is added to the file system info specified in the
|
||||
# main profile.
|
||||
filesystem {
|
||||
DF MF {
|
||||
ACL = *=CHV4;
|
||||
path = 3F00;
|
||||
type = DF;
|
||||
|
||||
# This is the DIR file
|
||||
EF DIR {
|
||||
type = EF;
|
||||
file-id = 2F00;
|
||||
size = 128;
|
||||
acl = *=NONE;
|
||||
}
|
||||
|
||||
# Here comes the application DF
|
||||
|
||||
DF PKCS15-AppDF {
|
||||
type = DF;
|
||||
aid = E8:28:BD:08:0F:D2:50:45:43:43:2D:65:49:44;
|
||||
acl = *=NONE;
|
||||
size = 5000;
|
||||
|
||||
EF PKCS15-ODF {
|
||||
file-id = 5031;
|
||||
size = 60;
|
||||
ACL = WRITE=SCBx44, UPDATE=SCBx44, READ=NONE;
|
||||
}
|
||||
|
||||
EF PKCS15-TokenInfo {
|
||||
file-id = 5032;
|
||||
size = 400;
|
||||
ACL = WRITE=SCBx44, UPDATE=SCBx44, READ=NONE;
|
||||
}
|
||||
|
||||
EF PKCS15-AODF {
|
||||
file-id = 7001;
|
||||
size = 225;
|
||||
ACL = WRITE=SCBx44, UPDATE=SCBx44, READ=NONE;
|
||||
}
|
||||
|
||||
EF PKCS15-PrKDF {
|
||||
file-id = 7002;
|
||||
size = 450;
|
||||
ACL = WRITE=SCBx44, UPDATE=SCBx44, READ=NONE;
|
||||
}
|
||||
|
||||
EF PKCS15-PuKDF {
|
||||
file-id = 7004;
|
||||
size = 450;
|
||||
ACL = WRITE=SCBx44, UPDATE=SCBx44, READ=NONE;
|
||||
}
|
||||
|
||||
EF PKCS15-SKDF {
|
||||
file-id = 7003;
|
||||
size = 450;
|
||||
ACL = WRITE=SCBx44, UPDATE=SCBx44, READ=NONE;
|
||||
}
|
||||
|
||||
EF PKCS15-CDF {
|
||||
file-id = 7005;
|
||||
size = 300;
|
||||
ACL = WRITE=SCBx44, UPDATE=SCBx44, READ=NONE;
|
||||
}
|
||||
|
||||
EF PKCS15-DODF {
|
||||
file-id = 7006;
|
||||
size = 650;
|
||||
ACL = WRITE=SCBx44, UPDATE=SCBx44, READ=NONE;
|
||||
}
|
||||
|
||||
template key-domain {
|
||||
|
||||
# Private RSA keys
|
||||
BSO private-key {
|
||||
ACL = *=NEVER;
|
||||
ACL = SIGN=SCBx13, AUTHENTICATE=SCBx13, DECIPHER=SCBx13, GENERATE=SCBx44, UPDATE=SCBx44, READ=NONE;
|
||||
}
|
||||
|
||||
# Private DES keys
|
||||
BSO private-des {
|
||||
size = 24; # 192 bits
|
||||
# READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM
|
||||
}
|
||||
|
||||
# Private data
|
||||
EF private-data {
|
||||
file-id = E000;
|
||||
size = 36;
|
||||
ACL = *=NONE;
|
||||
ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=SCBx13;
|
||||
}
|
||||
|
||||
# Certificate
|
||||
EF certificate {
|
||||
file-id = B000;
|
||||
ACL = *=NEVER;
|
||||
ACL = UPDATE=SCBx44, READ=NONE, DELETE=NONE;
|
||||
}
|
||||
|
||||
#Public Key
|
||||
BSO public-key {
|
||||
ACL = *=NEVER;
|
||||
ACL = AUTHENTICATE=SCBx13, GENERATE=SCBx44, UPDATE=SCBx44, READ=NONE;
|
||||
}
|
||||
|
||||
# Public DES keys
|
||||
BSO public-des {
|
||||
size = 24; # 192 bits
|
||||
ACL = *=NONE;
|
||||
}
|
||||
|
||||
# Public data
|
||||
EF public-data {
|
||||
file-id = D000;
|
||||
ACL = *=NONE;
|
||||
ACL = WRITE=IDAxC1, UPDATE=IDAxC1, DELETE=NONE;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
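Review bot: `EF private-data` (file-id E000) starts from `ACL = *=NONE;` and then only restricts WRITE, UPDATE and READ to SCBx13, so every operation not listed there — DELETE in particular — inherits the open default; the Oberthur profile in this same commit starts the same file from `*=NEVER`, which is the safer base for a private-data container, so `ACL = *=NEVER;` is the line to change here unless unrestricted deletion is intended. Whether the IAS/ECC driver actually emits a DELETE access condition for this file is not visible in the hunk and should be confirmed against the pkcs15init code. Two smaller points: the header comment says "PKCS15 r/w profile for Oberthur cards" while `manufacturer = "Gemalto"` and the AID is the ECC-eID one, so the comment is stale, and `reference = 2` in `PIN so-pin` is the only assignment without a trailing `;` — the parser may tolerate it, but `reference = 2;` keeps it consistent with the neighbouring lines. The dangling `# CHV5 used for Oberthur's ...` comment describes a PIN this profile never defines and should be dropped or replaced with the definition it refers to.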
|
||||
|
|
@ -0,0 +1,176 @@
|
|||
#
|
||||
# PKCS15 r/w profile for Oberthur cards
|
||||
#
|
||||
cardinfo {
|
||||
label = "IAS/ECC v1.0.1";
|
||||
manufacturer = "OpenSC/Oberthur";
|
||||
|
||||
max-pin-length = 4;
|
||||
min-pin-length = 4;
|
||||
pin-encoding = ascii-numeric;
|
||||
pin-pad-char = 0xFF;
|
||||
}
|
||||
|
||||
pkcs15 {
|
||||
# Put certificates into the CDF itself?
|
||||
direct-certificates = no;
|
||||
# Put the DF length into the ODF file?
|
||||
encode-df-length = no;
|
||||
# Have a lastUpdate field in the EF(TokenInfo)?
|
||||
do-last-update = yes;
|
||||
}
|
||||
|
||||
option ecc {
|
||||
macros {
|
||||
odf-size = 96;
|
||||
aodf-size = 300;
|
||||
cdf-size = 3000;
|
||||
prkdf-size = 6700;
|
||||
pukdf-size = 2300;
|
||||
dodf-size = 3000;
|
||||
skdf-size = 3000;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
# Define reasonable limits for PINs and PUK
|
||||
# Note that we do not set a file path or reference
|
||||
# here; that is done dynamically.
|
||||
PIN user-pin {
|
||||
attempts = 5;
|
||||
max-length = 4;
|
||||
min-length = 4;
|
||||
flags = 0x10; # initialized
|
||||
reference = 0xC1;
|
||||
}
|
||||
PIN so-pin {
|
||||
auth-id = FF;
|
||||
attempts = 5;
|
||||
max-length = 4;
|
||||
min-length = 4;
|
||||
flags = 0xB2;
|
||||
reference = 2
|
||||
}
|
||||
|
||||
# Additional filesystem info.
|
||||
# This is added to the file system info specified in the
|
||||
# main profile.
|
||||
filesystem {
|
||||
DF MF {
|
||||
ACL = *=CHV4;
|
||||
path = 3F00;
|
||||
type = DF;
|
||||
|
||||
# This is the DIR file
|
||||
EF DIR {
|
||||
type = EF;
|
||||
file-id = 2F00;
|
||||
size = 128;
|
||||
acl = *=NONE;
|
||||
}
|
||||
|
||||
# Here comes the application DF
|
||||
DF PKCS15-AppDF {
|
||||
type = DF;
|
||||
aid = E8:28:BD:08:0F:F2:50:4F:54:20:41:57:50;
|
||||
acl = *=NONE;
|
||||
size = 5000;
|
||||
|
||||
EF PKCS15-ODF {
|
||||
file-id = 5031;
|
||||
ACL = *=NEVER;
|
||||
ACL = READ=NONE;
|
||||
}
|
||||
|
||||
EF PKCS15-TokenInfo {
|
||||
file-id = 5032;
|
||||
ACL = *=NEVER;
|
||||
ACL = READ=NONE;
|
||||
}
|
||||
|
||||
EF PKCS15-AODF {
|
||||
file-id = 7001;
|
||||
ACL = *=NEVER;
|
||||
ACL = READ=NONE;
|
||||
}
|
||||
|
||||
EF PKCS15-PrKDF {
|
||||
file-id = 7002;
|
||||
ACL = *=NEVER;
|
||||
ACL = WRITE=SCB0x12, UPDATE=SCB0x12, READ=NONE;
|
||||
}
|
||||
|
||||
EF PKCS15-PuKDF {
|
||||
file-id = 7004;
|
||||
ACL = *=NEVER;
|
||||
ACL = WRITE=SCB0x12, UPDATE=SCB0x12, READ=NONE;
|
||||
}
|
||||
|
||||
EF PKCS15-SKDF {
|
||||
file-id = 7003;
|
||||
ACL = *=NEVER;
|
||||
ACL = WRITE=SCB0x12, UPDATE=SCB0x12, READ=NONE;
|
||||
}
|
||||
|
||||
EF PKCS15-CDF {
|
||||
file-id = 7005;
|
||||
ACL = WRITE=SCB0x12, UPDATE=SCB0x12, READ=NONE;
|
||||
}
|
||||
|
||||
EF PKCS15-DODF {
|
||||
file-id = 7006;
|
||||
ACL = *=NEVER;
|
||||
ACL = WRITE=SCB0x12, UPDATE=SCB0x12, READ=NONE;
|
||||
}
|
||||
|
||||
template key-domain {
|
||||
# Private RSA keys
|
||||
BSO private-key {
|
||||
ACL = *=NEVER;
|
||||
ACL = UPDATE=COUCOUx12;
|
||||
ACL = UPDATE=SCB0x12, READ=NONE;
|
||||
ACL = PSO-COMPUTE-SIGNATURE=SCB0x12, INTERNAL-AUTHENTICATE=SCB0x12, PSO-DECRYPT=SCB0x12, GENERATE=SCB0x12;
|
||||
|
||||
}
|
||||
|
||||
# Private DES keys
|
||||
BSO private-des {
|
||||
size = 24; # 192 bits
|
||||
# READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM
|
||||
}
|
||||
|
||||
# Private data
|
||||
EF private-data {
|
||||
file-id = E000;
|
||||
ACL = *=NEVER;
|
||||
ACL = WRITE=SCB0x12, UPDATE=SCB0x12, READ=SCB0x12;
|
||||
}
|
||||
# Certificate
|
||||
EF certificate {
|
||||
file-id = 3401;
|
||||
ACL = *=NEVER;
|
||||
ACL = UPDATE=SCB0x12, READ=NONE, DELETE=NONE;
|
||||
}
|
||||
|
||||
#Public Key
|
||||
BSO public-key {
|
||||
ACL = *=NEVER;
|
||||
ACL = AUTHENTICATE=SCB0x12, GENERATE=SCB0x12, UPDATE=SCB0x12, READ=NONE;
|
||||
}
|
||||
|
||||
# Public DES keys
|
||||
BSO public-des {
|
||||
size = 24; # 192 bits
|
||||
ACL = *=NONE;
|
||||
}
|
||||
|
||||
# Public data
|
||||
EF public-data {
|
||||
file-id = F000;
|
||||
ACL = *=NONE;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
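Review bot: `ACL = UPDATE=COUCOUx12;` in the `BSO private-key` template is a leftover placeholder — `COUCOU` is not an access-condition method used anywhere else in these profiles — and it sits on the private-key object, the worst place to carry an unparsed or mis-parsed ACL line; it is immediately superseded by `ACL = UPDATE=SCB0x12, READ=NONE;` on the next line, so the fix is simply to delete the `COUCOUx12` line. How the profile parser treats an unknown method name (reject the profile, or silently ignore the entry) is not visible here; either way the line should not ship. Two consistency points: this profile spells secure-condition references as `SCB0x12` while the other profiles in the commit use `SCBx13`/`SCBx44`, and if the parser accepts only one spelling the other yields a wrong or missing reference, so one form should be used throughout; and `EF PKCS15-CDF` (file-id 7005) is the only directory file here without the `ACL = *=NEVER;` base line its siblings carry, so operations other than WRITE/UPDATE/READ fall through to whatever the card default is.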
|
||||
|
|
@ -0,0 +1,179 @@
|
|||
#
|
||||
# PKCS15 r/w profile
|
||||
#
|
||||
cardinfo {
|
||||
label = "IAS/ECC Generic PKI application";
|
||||
manufacturer = "IAS/ECC OpenSC";
|
||||
|
||||
max-pin-length = 4;
|
||||
min-pin-length = 4;
|
||||
pin-encoding = ascii-numeric;
|
||||
pin-pad-char = 0xFF;
|
||||
}
|
||||
|
||||
pkcs15 {
|
||||
# Put certificates into the CDF itself?
|
||||
direct-certificates = no;
|
||||
# Put the DF length into the ODF file?
|
||||
encode-df-length = no;
|
||||
# Have a lastUpdate field in the EF(TokenInfo)?
|
||||
do-last-update = yes;
|
||||
}
|
||||
|
||||
option ecc {
|
||||
macros {
|
||||
odf-size = 96;
|
||||
aodf-size = 300;
|
||||
cdf-size = 3000;
|
||||
prkdf-size = 6700;
|
||||
pukdf-size = 2300;
|
||||
dodf-size = 3000;
|
||||
skdf-size = 3000;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
# Define reasonable limits for PINs and PUK
|
||||
# Note that we do not set a file path or reference
|
||||
# here; that is done dynamically.
|
||||
PIN user-pin {
|
||||
attempts = 5;
|
||||
max-length = 4;
|
||||
min-length = 4;
|
||||
flags = 0x10; # initialized
|
||||
reference = 0xC1;
|
||||
}
|
||||
PIN so-pin {
|
||||
auth-id = FF;
|
||||
attempts = 5;
|
||||
max-length = 4;
|
||||
min-length = 4;
|
||||
flags = 0xB2;
|
||||
reference = 2
|
||||
}
|
||||
|
||||
# CHV5 used for Oberthur's specifique access condition "PIN or SOPIN"
|
||||
# Any value for this pin can given, when the OpenSC tools are asking for.
|
||||
|
||||
# Additional filesystem info.
|
||||
# This is added to the file system info specified in the
|
||||
# main profile.
|
||||
filesystem {
|
||||
DF MF {
|
||||
ACL = *=CHV4;
|
||||
path = 3F00;
|
||||
type = DF;
|
||||
|
||||
# This is the DIR file
|
||||
EF DIR {
|
||||
type = EF;
|
||||
file-id = 2F00;
|
||||
size = 128;
|
||||
acl = *=NONE;
|
||||
}
|
||||
|
||||
# Here comes the application DF
|
||||
DF PKCS15-AppDF {
|
||||
type = DF;
|
||||
exclusive-aid = E8:28:BD:08:0F:D2:50:47:65:6E:65:72:69:63;
|
||||
acl = *=NONE;
|
||||
size = 5000;
|
||||
|
||||
EF PKCS15-ODF {
|
||||
file-id = 5031;
|
||||
size = 96;
|
||||
ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=NONE;
|
||||
}
|
||||
|
||||
EF PKCS15-TokenInfo {
|
||||
file-id = 5032;
|
||||
ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=NONE;
|
||||
}
|
||||
|
||||
EF PKCS15-AODF {
|
||||
file-id = 7001;
|
||||
size = 300;
|
||||
ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=NONE;
|
||||
}
|
||||
|
||||
EF PKCS15-PrKDF {
|
||||
file-id = 7002;
|
||||
size = 6700;
|
||||
ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=NONE;
|
||||
}
|
||||
|
||||
EF PKCS15-PuKDF {
|
||||
file-id = 7004;
|
||||
size = 2300;
|
||||
ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=NONE;
|
||||
}
|
||||
|
||||
EF PKCS15-SKDF {
|
||||
file-id = 7003;
|
||||
size = 3000;
|
||||
ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=NONE;
|
||||
}
|
||||
|
||||
EF PKCS15-CDF {
|
||||
file-id = 7005;
|
||||
size = 3000;
|
||||
ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=NONE;
|
||||
}
|
||||
|
||||
EF PKCS15-DODF {
|
||||
file-id = 7006;
|
||||
size = 3000;
|
||||
ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=NONE;
|
||||
}
|
||||
|
||||
template key-domain {
|
||||
# Private RSA keys
|
||||
BSO private-key {
|
||||
ACL = *=NEVER;
|
||||
ACL = UPDATE=SCBx13, READ=NONE;
|
||||
ACL = PSO-DECRYPT=SCBx13, INTERNAL-AUTHENTICATE=SCBx13, GENERATE=SCBx13;
|
||||
}
|
||||
|
||||
# Private DES keys
|
||||
BSO private-des {
|
||||
size = 24; # 192 bits
|
||||
# READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM
|
||||
}
|
||||
|
||||
# Private data
|
||||
EF private-data {
|
||||
file-id = E000;
|
||||
size = 36;
|
||||
ACL = *=NONE;
|
||||
ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=SCBx13;
|
||||
}
|
||||
# Certificate
|
||||
EF certificate {
|
||||
file-id = B000;
|
||||
ACL = *=NEVER;
|
||||
ACL = UPDATE=SCBx13, READ=NONE, DELETE=NONE;
|
||||
}
|
||||
|
||||
#Public Key
|
||||
BSO public-key {
|
||||
ACL = *=NEVER;
|
||||
ACL = INTERNAL-AUTHENTICATE=SCBx13, GENERATE=SCBx13, UPDATE=SCBx13, READ=NONE;
|
||||
}
|
||||
|
||||
# Public DES keys
|
||||
BSO public-des {
|
||||
size = 24; # 192 bits
|
||||
ACL = *=NONE;
|
||||
}
|
||||
|
||||
# Public data
|
||||
EF public-data {
|
||||
file-id = F000;
|
||||
ACL = *=NONE;
|
||||
ACL = WRITE=SCBx13, UPDATE=SCBx13, DELETE=NONE;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
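Review bot: the `BSO private-key` template grants `PSO-DECRYPT`, `INTERNAL-AUTHENTICATE` and `GENERATE` under SCBx13 but, with `*=NEVER` as the base, never lists `PSO-COMPUTE-SIGNATURE`, so a key created from this profile cannot be used to sign; the Oberthur profile in the same commit includes `PSO-COMPUTE-SIGNATURE=SCB0x12` in the corresponding line. If the generic PKI application is meant to be decrypt/auth-only this is fine but deserves a comment saying so; otherwise add `PSO-COMPUTE-SIGNATURE=SCBx13` to that ACL. As in the eID profile, `EF private-data` starts from `ACL = *=NONE;` and only restricts WRITE/UPDATE/READ, leaving DELETE and any other operation open, whereas the Oberthur profile uses `*=NEVER` as its base. The `# CHV5 used for Oberthur's ...` comment refers to a PIN this profile never defines, and `ACL = *=CHV4;` on the MF appears to reference a PIN (4) that neither `user-pin` (0xC1) nor `so-pin` (2) provides; both look copied from another profile and should be checked against what the driver actually expects.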
|
||||
|